Update 500-280 Dumps with VCE and PDF for Free (Question 21 – Question 30)

New 500-280 exam questions from PassLeader 500-280 dumps! Welcome to download the newest PassLeader 500-280 VCE and PDF dumps: http://www.passleader.com/500-280.html (70 Q&As)

P.S. Free 500-280 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpdGtsVkxNYUYwa2s

QUESTION 21
Which statement about the distribution of SO rules is true?

A.    SO rules ship with the regular rules download.
B.    SO rules ship with the regular Snort distribution.
C.    SO rules ship as a separate download.
D.    SO rules are not distributed because you need to build your own rules.

Answer: A

QUESTION 22
What is VRT?

A.    Very Reliable Technology
B.    Vulnerability Resolved Testing
C.    Vulnerability Research Team
D.    Vulnerability Resources and Testing

Answer: C

QUESTION 23
Which management and analysis tool can you use to enhance a Snort installation?

A.    Wireshark
B.    tcpdump
C.    Nmap
D.    PulledPork

Answer: D

QUESTION 24
Which file is the primary configuration file for keeping rules up to date?

A.    pulled.config
B.    porker.conf
C.    snort.conf
D.    pulledpork.conf

Answer: D

QUESTION 25
Which file defines Snort IDs and associated alert labels that are not provided within the unified output format?

A.    snort-id.tab
B.    snort-id.msg
C.    sid-msg.map
D.    sid-id.conf

Answer: C

QUESTION 26
Which information does the rule body contain?

A.    source IP
B.    protocol
C.    port number
D.    specification of which portion of a packet payload to examine

Answer: D

QUESTION 27
Which character must a rule body end with?

A.    parenthesis
B.    period
C.    exclamation mark
D.    semicolon

Answer: A

QUESTION 28
Which keyword can you use to check a packet IP header TTL value?

A.    tos
B.    ttl
C.    byte_test
D.    ipopts

Answer: B

QUESTION 29
Which action is valid for decoder/preprocessor stub rules?

A.    file I/O
B.    recurse
C.    inspect
D.    reject

Answer: D

QUESTION 30
Which keyword can you use to try to close a session when an alert is triggered?

A.    react
B.    resp
C.    logto
D.    tag

Answer: B
